Xuan Zhuo
2021-Oct-19 11:52 UTC
[PATCH v4 0/2] virtio_ring: check desc == NULL when packed and indirect
In the case of packed, use indirect desc, since desc is allocated by
kmalloc_array(), we should check whether its return value is NULL.
v4:
Inside the #2 patch, virtqueue_add_indirect_packed() returns -EAGAIN when
desc == NULL.
v3:
Update commit message of the #1 patch.
v2:
Separate the style fix into a single patch.
Xuan Zhuo (2):
virtio_ring: fix style of virtqueue_add_indirect_packed
virtio_ring: check desc == NULL when using indirect with packed
drivers/virtio/virtio_ring.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
--
2.31.0
Xuan Zhuo
2021-Oct-19 11:52 UTC
[PATCH v4 1/2] virtio_ring: fix style of virtqueue_add_indirect_packed
Align the arguments of virtqueue_add_indirect_packed() to the open ( to
make it look prettier.
Signed-off-by: Xuan Zhuo <xuanzhuo at linux.alibaba.com>
Acked-by: Jason Wang <jasowang at redhat.com>
---
drivers/virtio/virtio_ring.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index dd95dfd85e98..91a46c4da87d 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -1050,12 +1050,12 @@ static struct vring_packed_desc
*alloc_indirect_packed(unsigned int total_sg,
}
static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq,
- struct scatterlist *sgs[],
- unsigned int total_sg,
- unsigned int out_sgs,
- unsigned int in_sgs,
- void *data,
- gfp_t gfp)
+ struct scatterlist *sgs[],
+ unsigned int total_sg,
+ unsigned int out_sgs,
+ unsigned int in_sgs,
+ void *data,
+ gfp_t gfp)
{
struct vring_packed_desc *desc;
struct scatterlist *sg;
--
2.31.0
Xuan Zhuo
2021-Oct-19 11:52 UTC
[PATCH v4 2/2] virtio_ring: check desc == NULL when using indirect with packed
When using indirect with packed, we don't check for allocation failures.
This patch checks that and falls back on direct.
Fixes: 1ce9e6055fa ("virtio_ring: introduce packed ring support")
Signed-off-by: Xuan Zhuo <xuanzhuo at linux.alibaba.com>
---
drivers/virtio/virtio_ring.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 91a46c4da87d..44a03b6e4dc4 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -1065,6 +1065,9 @@ static int virtqueue_add_indirect_packed(struct
vring_virtqueue *vq,
head = vq->packed.next_avail_idx;
desc = alloc_indirect_packed(total_sg, gfp);
+ if (!desc)
+ /* fall back on direct */
+ return -EAGAIN;
if (unlikely(vq->vq.num_free < 1)) {
pr_debug("Can't add buf len 1 - avail = 0\n");
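Review bot: The new "if (!desc)" body in virtqueue_add_indirect_packed() spans two lines (the comment plus "return -EAGAIN;") without braces; kernel coding style wants braces once the body is more than a single line, so wrap it in { }. Allocation failure is the cold path, so unlikely(!desc) would also match the unlikely(vq->vq.num_free < 1) check directly below. Since the caller treats -EAGAIN as the signal to retry on the direct path, please confirm that no other return in this function can yield -EAGAIN, and document that meaning in a comment above the function.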
@@ -1176,6 +1179,7 @@ static inline int virtqueue_add_packed(struct virtqueue
*_vq,
unsigned int i, n, c, descs_used, err_idx;
__le16 head_flags, flags;
u16 head, id, prev, curr, avail_used_flags;
+ int err;
START_USE(vq);
@@ -1191,9 +1195,12 @@ static inline int virtqueue_add_packed(struct virtqueue
*_vq,
BUG_ON(total_sg == 0);
- if (virtqueue_use_indirect(_vq, total_sg))
- return virtqueue_add_indirect_packed(vq, sgs, total_sg,
- out_sgs, in_sgs, data, gfp);
+ if (virtqueue_use_indirect(_vq, total_sg)) {
+ err = virtqueue_add_indirect_packed(vq, sgs, total_sg, out_sgs,
+ in_sgs, data, gfp);
+ if (err != -EAGAIN)
+ return err;
+ }
head = vq->packed.next_avail_idx;
avail_used_flags = vq->packed.avail_used_flags;
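Review bot: The call site in virtqueue_add_packed() does not say why -EAGAIN is singled out in "if (err != -EAGAIN) return err;"; the only explanation is the "fall back on direct" comment inside the callee. A short comment above the check, saying that -EAGAIN means the indirect table could not be allocated and the buffer is then added with direct descriptors, would make the fall-through readable on its own. The indirect path only checks num_free < 1, so please also confirm that the direct path reached after the fall-through does its own free-descriptor check for total_sg entries, since that code is outside this hunk.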
--
2.31.0
Michael S. Tsirkin
2021-Oct-19 13:23 UTC
[PATCH v4 0/2] virtio_ring: check desc == NULL when packed and indirect
On Tue, Oct 19, 2021 at 07:52:33PM +0800, Xuan Zhuo wrote:
> In the case of packed, use indirect desc, since desc is allocated by
> kmalloc_array(), we should check whether its return value is NULL.
>

a better description here: fix theoretical issues in virtio_ring
(so I'm guessing - or did you observe any null pointer dereferences?)

> v4:
> Inside the #2 patch, virtqueue_add_indirect_packed() returns -EAGAIN when
> desc == NULL.
>
> v3:
> Update commit message of the #1 patch.
>
> v2:
> Separate the style fix into a single patch.
>
>
> Xuan Zhuo (2):
> virtio_ring: fix style of virtqueue_add_indirect_packed
> virtio_ring: check desc == NULL when using indirect with packed
>
> drivers/virtio/virtio_ring.c | 25 ++++++++++++++++---------
> 1 file changed, 16 insertions(+), 9 deletions(-)
>
> --
> 2.31.0